Continuum Flexes Security Muscle With New Offerings

Continuum unveiled two new security products at it’s Navigate 2018 conference in Boston this week, part of the company’s broader push into protecting end-user networks from cyber attack.

One is a security product for Microsoft Office 365, built in response to an increase in attacks where bad actors used the ubiquitous software as a way to infiltrate an organization’s network. Fielder Hiss, vice president of product at Continuum, told CRN that Office 365 has overtaken ransomware as an attack vector.

“Phishing has evolved to spearphishing. A lot of spearphishing is not even happening from spoofed accounts, but it’s actually happening from compromised accounts,” he said. “Ultimately, that email looks like an email from your boss or a coworker. Our goal is to prevent it. If we see login behavior that is atypical for a person or for a company we can quickly begin to look and see if there’s something there or not. That’s automated. Then the SOC gets involved.”

With the new product MSPs will be able to immediately take compromised accounts offline and begin to remediate the threat, Hiss said.

“It’s looking in real time, ‘Hey this account got logged into from a North Korean IP address,’ “ Hiss said. “Or ‘I’m normally in Boston. I logged into my account from Waco, Texas.’ It doesn’t always mean there’s something wrong, but you can begin to look. One thing that’s great about that is, you can actually suspend an account and take the account offline quickly, get on the phone, and then figure out what’s going on.”

Tim Weber, security service director with ADNET, a Continuum MSP partner based in Hartford, Conn., said phishing attacks against cloud-based services have increased sharply, so he was thrilled to see Continuum respond to that threat.

“The hooks that they’re putting in with the cloud-based services, that was probably the most exiting thing to hear about this week,” Weber said. “We see easily three to four times as many threats now against cloud-based services as opposed to internal. We used to see a lot of ransomware, now it’s all phishing attacks. And successful phishing attacks. We’ve had three this week since I’ve been here [at the conference]. Microsoft has a lot of good information, but its tough to act on. Its tough to pull it together. Continuum, what they can do is pull that down and present it to you and help protect you from it. That’s absolutely enormous for us.”

Continuum also introduced a new compliance dashboard, part of Continuum Security’s Profile & Protect offering, which provides MSPs with system views that enable them to ensure their clients are compliant with critical regulations, starting with HIPAA, and provides easily consumable information to help clients adhere to their audit and self-assessment requirements. The dashboard details a client’s adherence to technical compliance requirements and outlines any gaps in those requirements, allowing providers to deliver visibility into vital information required in highly-regulated industries.

“Our partners can see and monitor the status with respect to security requirements of different protection components, and then be able to present that to the client, so they can begin to have a dialog about where their gaps are, and potentially upsell additional services in order to fill gaps,” Hiss said. “Then, also, to kind of be ready-made for when the audit happens … Everyone who is under a compliance regime, has the annual audit. MSPs are often scrambling in order to deliver their part of the information necessary in and around IT security and management.”

Hiss said when it comes to regulation, there are punitive measures when companies fail to meet compliance standards, and this product helps to eliminate that, at the same time giving the MSP the information it needs to make sure the audits are successful.